Tallinn University of Technology Doctoral Theses Series I: Social Sciences, No. 24

Remote Electronic Voting in Estonia: Legality, Impact and Confidence

PRIIT VINKEL

PRESS

TALLINN UNIVERSITY OF TECHNOLOGY
Ragnar Nurkse School of Innovation and Governance
Faculty of Social Sciences

The thesis was accepted for the defense of the degree of Doctor of Philosophy in Public Administration on 20 July 2015.

Supervisors:

Professor Dr Ülle Madise (University of Tartu, Estonia)
Professor Dr Robert Krimmer (Tallinn University of Technology, Estonia)

Opponents:

Professor Dr Norbert Kersting (University of Münster, Germany)
Professor Dr Magdalena Musiał-Karg (Adam Mickiewicz University in Poznań, Poland)

Defense of the thesis: 24 August 2015

Declaration: Hereby I declare that this doctoral thesis, my original investigation and achievement, submitted for the doctoral degree at Tallinn University of Technology, has not been submitted for any other degree or examination.

Priit Vinkel

Publication of this thesis is granted by the Doctoral School of Economics and Innovation created under the auspices of European Social Fund

Copyright: Priit Vinkel, 2015
ISSN 1406-4790
ISBN 978-9949-23-827-9 (publication)
ISBN 978-9949-23-828-6 (PDF)

CONTENTS

LIST OF ORIGINAL PUBLICATIONS
INTRODUCTION
Scope and aim
1. The discussion over constitutionality
  1.1 The constitutional review of 2005
  1.2 Understanding secrecy in Internet Voting
  1.3 Electoral complaints and Internet Voting
  1.4 Assessing the constitutionality
  1.5 Summary of the legal debate
2. The development and impact of the Estonian Internet Voting
  2.1 Setup phase
  2.2 Pivotal discussions in the parliament and amendments in electoral law
  2.3 Recent years
  2.4 The impact of Internet Voting
  2.5 Comparison with experience from Switzerland and Norway
  2.6 Summary of the Estonian implementation experience
3. Building voter confidence in Estonian Internet Voting
  3.1 Confidence in the e-government
  3.2 Confidence in the token of authentication
  3.3 Confidence in the electoral principles and the EMB
  3.4 The House of Confidence
Conclusion and outlook
References
KOKKUVÕTE (Summary)
ACKNOWLEDGEMENTS
PUBLICATIONS (ARTICLES I–IV)
APPENDIX (ARTICLES V–VIII)
CURRICULUM VITAE
ELULOOKIRJELDUS (Curriculum vitae)
LIST OF AUTHOR'S PUBLICATIONS


LIST OF ORIGINAL PUBLICATIONS

This dissertation is based on the following original publications:

I Priit Vinkel. 2012. “Internet Voting in Estonia.” In P. Laud (ed.). Information Security Technology for Applications: 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, 26-28 October 2011, Revised Selected Papers. Berlin: Springer, 4-12. (1.1)

II Ülle Madise and Priit Vinkel. 2011. “Constitutionality of Remote Internet Voting: The Estonian Perspective.” Juridica International 18, 4-16. (1.2)

III Ülle Madise and Priit Vinkel. 2015. “A Judicial Approach to Internet Voting in Estonia.” In Jordi Barrat and Ardita Driza Maurer (eds). E-Voting Case Law: A Comparative Analysis. Farnham: Ashgate Publishing, 1-35 (forthcoming). (3.1)

IV Ülle Madise and Priit Vinkel. 2014. “Internet Voting in Estonia: From Constitutional Debate to Evaluation of Experience over Six Elections.” In Tanel Kerikmäe (ed.). Regulating eTechnologies in the European Union. Cham: Springer International, 1-19. (3.1)

APPENDIX

V Priit Vinkel. 2012. “Internet Voting: Experiences from Five Elections in Estonia.” In T. Jundzis (ed.). Proceedings of the International Conference: Democracy and Development – Taiwan and Baltic Countries in Comparative Perspective, 27-28 April 2012. Riga: Latvian Academy of Sciences, 176-188. (3.1)

VI Ülle Madise and Priit Vinkel. 2010. “TIC, votacions per Internet i altres serveis electronics a Estonia.” In J. Vall (ed.). EINES 12, Politica 2.0. Barcelona: Fundacio Josep Irla, 59-67. (3.2)

VII Ülle Madise, Epp Maaten and Priit Vinkel. 2014. “Voto por Internet en Estonia.” In A. Ayala Sanchez (ed.). Nuevas Avenidas de la Democracia Contemporanea. Serie Doctrina Juridica 707, Instituto de Investigaciones Juridicas. Mexico: Universidad Nacional Autonoma de Mexico, 575-601. (3.2)

VIII Ülle Madise, Priit Vinkel and Epp Maaten. 2006. Internet Voting at the Elections of Local Government Councils on October 2005. Report. Tallinn: Estonian National Electoral Committee. (6.7)


INTRODUCTION

Scope and aim

We live in a time where information and the development of information and communication technologies (ICT) – most importantly the Internet – have shaped the understanding of communication. As Manuel Castells (2007) has put it, “The diffusion of Internet, mobile communication, digital media, and a variety of tools of social software have prompted the development of horizontal networks of interactive communication that connect local and global in chosen time.” These networks build connections among persons and enhance the communication with the public as Internet-based transactions have grown to be a part of both private and public conduct. We see this tendency in commerce, where online business is growing stronger (Statista 2015a); likewise in online banking where the usage numbers in Europe reach up to 91% (Statista 2015b), and in the public sector where ICT-enabled services have also found growing acceptance (WE Forum 2015).

The nature of one country’s democratic processes takes many influences from the development of the country and its democratic and legal culture (Venice Commission 2010). Therefore, the conduct of elections has many unique features in every country – e.g. the choice of voting channels or the time of voting. However, democratic elections have to adhere to a set of core principles – universality, freedom, equality (uniformity) and secrecy (ICCPR 1976, Art 25b). Guaranteeing these principles in all different electoral procedures (including electronic ones) is a challenge that must be met to uphold the legitimacy of elections.

The transformation of electoral procedures has been seen as a part of the development of e-democracy, which has gained considerable interest since the dawn of the 21st century. According to Krimmer (2012) circumstances like decreasing voter turnout, continuing disconnection of the citizen and the representative and general implications of globalization have driven the process.
Introducing remote electoral methods (also, e.g., postal voting) serves the citizen in providing an easily accessible and comfortable means of voting. In addition, remote voting is also considered a viable alternative for disenfranchised voters whose participation in elections has always been dependent on the methods they are offered – voters living or residing permanently abroad, voters who are living in conditions which make it difficult for them to attend elections for geographical reasons and voters with disabilities. All these voters need to make extra efforts in participating in the democratic process, and in all these cases, the principle of universality (or general elections) prevails over the possible concerns connected with the way of voting (Gronke et al. 2008).

Remote state-citizen communication has been implemented in many communities, but Estonia has been one of the most eager countries to actively pursue electronic services and procedures (Drechsler 2006; Madise 2007). Estonia has featured a remote online voting method since 2005, and has been the only country in Europe (not to say the world) to have it without limitations in all types of elections. However, despite the widespread acceptance of ICT in the Estonian society, the constant development of the system has to guarantee accordance with up-to-date security and usability recommendations.

Researchers all over the world have early on tried to find suitable solutions to fit the criteria set by universal electoral principles and tackle the questions posed by different fields of interest. The research fields could be divided into four categories – computer science, legal science, social science and political science (Prosser and Krimmer 2004).

Theoretical literature in computer science is often related to voting from an uncontrolled environment and the connected technical risks (e.g. security of the voting device and voting channel). Most of the papers and new scientific thought are being channeled to the vision of finding the safest, tamper-proof, mathematically sound system currently possible (e.g. Joaquim et al. 2013 or Mohammadpourfard et al. 2014). This field of study looks for the ideal solution to answer all possible theoretical risks and practical acceptance. The theoretical literature, however, is by and large explored and tested in laboratory conditions and unfortunately is not often viable or feasible in practical implementations. Nevertheless, all these studies also help the operational researchers (including those in Estonia) to further improve systems that are used in practice (e.g. Springall et al. 2014 or Spycher et al. 2012).

Additionally, many articles are devoted to a topic that has been seen as the number one confidence builder in remote Internet Voting systems – verification.
In theory, verification can be seen in several categories – individual verification, where only the voter is able to verify the trail of the vote, and universal verification, where any person or institution is able to verify the overall results of the I-voting – and in multiple stages – cast as intended (ballots are well-formed), recorded as cast and tallied as recorded – depending on the level of assurance (Popoveniuc et al. 2010). Estonia implemented the recorded as cast level in 2013 (Heiberg and Willemson 2014); however, discussions about possible additional steps in this field are ongoing. The verification scene is very rich and filled with different ideas to offer credible ways towards higher verifiability (e.g. Nestås and Hole 2012 or Volkamer et al. 2011). Historically, in the early 2000s, the domain of trust building in (remote) electronic voting solutions was dominated by the concept of certification (Council of Europe 2004). Over the years, and with the growing possibilities of different solutions, verifiability has grown to be the main factor in guaranteeing the theoretical trustworthiness of an electronic voting solution.

Legal science discussions form the basis for the implementation of a remote electronic voting system, as the question of constitutionality is the first issue to be answered (e.g. Braun 2006; Mitrou et al. 2003). Additionally, legal scientists are worried about judicial review of the election results and the legitimization of election outcomes (e.g. Loncke and Dumortier 2004; Meagher 2008).

In social and political sciences, Internet Voting has been researched from a wide variety of perspectives. The main interests are summarized by the effect of Internet Voting on effective turnout (e.g. Bochsler 2009; Vassil and Weber 2011; Solop 2004), experiences of various implementations, as in Switzerland or Norway (e.g. Driza Maurer et al. 2012; Stenerud and Bull 2012), or more general discussions on the democratic implications of novel ideas in the electoral field (e.g. Reiners 2013; Mendez 2010). However, since most of the papers are bound to the context of the appropriate countries, the field lacks social-science papers about the possible introduction of remote electronic voting in other countries and the implications of their use on a more theoretical level.

Moreover, the international community is looking for the best practices in different countries. The most prominent process is the work of the Organization for Security and Co-operation in Europe (OSCE) and its institution in charge of the human dimension, the Office for Democratic Institutions and Human Rights (ODIHR). The organization has intensified its observation of countries that are using alternative remote-voting methods (OSCE/ODIHR 2007; 2011; 2012a; 2012b; 2013b; 2015). Recently it has published a handbook on observing elections using new voting technologies (OSCE/ODIHR 2013a).

Literature about the Estonian Internet Voting experience was more concentrated in the early years, right after its adoption (e.g. Drechsler and Madise 2002; 2004; Maaten 2004; Madise and Martens 2006; Drechsler 2006), with some more specialized articles in the last five years (e.g. Alvarez et al. 2009; Musiał-Karg 2011; Heiberg et al. 2012; Reiners 2013; Heiberg and Willemson 2014). The Estonian experience has previously been analyzed in two dissertations (Krimmer 2012 and Madise 2007). Consequently, a gap in the scientific literature concerning a holistic interdisciplinary approach of a remote electronic-voting experience over a longer period could be seen. This dissertation aims to address the issue by offering an evidence-based approach with insight from electoral practice into the experience of the Estonian Internet Voting program.
The theoretical framework of this dissertation is built on studies of election and constitutional law, the existing literature on the Estonian implementation and applicable studies in other countries. The core assumption of this dissertation is that in order to establish the principle of universal elections (ultimately freedom of vote), additional complementary methods of voting should be offered for the citizens in addition to Election Day voting. Therefore, an experience-based approach on Internet Voting has been presented in the articles. Moreover, especially in a small country like Estonia, it is commonly understood that as many voters as possible (and feasible) are to be engaged in voting. Therefore, innovative, comfortable and attractive ways of voting are created. However, the catch for the lawmaker is to find a suitable balance between the principle of universal elections and the rest of the core principles.

The main question this dissertation aims to answer is:

- How has Estonia managed to implement remote electronic voting as an established and credible voting channel?


In order to answer the main research question it is necessary to further break this question down into three main areas and sub-questions:

- How constitutionally and legally sound are the Estonian solution and the implementation practices?
- How has the Estonian Internet Voting system developed over the course of its implementation, and what impact did it have?
- What factors have helped build confidence in the Estonian system?

The articles that compose this thesis hold interdisciplinary features, tackling the proposed questions among others from the perspectives of constitutional review, institutional development and technical understandability. The legal and constitutional aspects of the Estonian I-voting solution are looked upon in II and III. The development and experience of the Estonian Internet Voting solution are covered in I, IV, V, VII and VIII. The factors and measures of confidence are discussed in I, V and VI.

The main part of the dissertation is based on articles, out of which one paper is single-authored and rated 1.1 (I), three (II, III and IV) have been co-published with one of the doctoral advisors with a balanced input in all papers (rated 1.2 and 3.1). The thesis features a report (VIII), rated 6.7, which has been added to the appendix to give a detailed insight into the implementation of Estonian Internet Voting in its maiden use. Additionally, two (VI and VII) non-English publications (in Catalan and in Spanish) for supporting the dissemination of the Internet Voting research in the respective regions (both 3.2) and a single-authored article (V) on the Estonian Internet Voting experience featured in Latvia, rated 3.1, have been added to the appendix.

The author has extensive experience with the topic of elections, having worked at the Estonian National Electoral Committee (the central electoral management body, EMB, in Estonia) for 10 years (of which the last 2 years as chief executive). Additionally, he has taken part in the development of international standards at OSCE/ODIHR and Council of Europe and has been presenting the Estonian experience at numerous international conferences. Therefore, this thesis presents contemporary research on Internet Voting based on a rich set of practical experiences.

The following introduction is divided into three chapters, each addressed to answer one of the sub-questions proposed earlier.


1. The discussion over constitutionality

Before the first implementation of electronic voting, including Internet Voting, it is common to ask whether there is also a need to change the country’s constitution (see Braun 2006; Heindl et al. 2003; Rüß 2000). Similarly, in the Estonian experience, adding a new voting method in addition to paper voting and the introduction of a fully remote way of voting raised several questions in constitutional law (III).

1.1 The constitutional review of 2005

The Constitutional Chamber of the Estonian Supreme Court has analyzed in its review process the accordance of Internet Voting with constitutional principles, mainly with the principle of equality (uniformity) (Supreme Court 2005). The President launched the case in 2005, just before the first e-enabled elections and adoption of the refined stipulations in the electoral law. The center of the argument lay in the question whether the Internet Voters’ ability to change the Internet Vote by voting again electronically or on paper (for a general description of the Estonian I-voting system, see NEC 2015a) would give unconstitutional advantages when compared to the traditional voter (II).

A possible lack of legitimacy of the election results could stem from either of the following situations:

- The privacy of an individual I-voting procedure cannot be supervised or observed by authorities. Therefore, large-scale buying and selling of votes, as well as exercising other influence or pressure on the voter, could be possible.
- The people themselves cannot verify the I-voting results, and people need to have absolute faith in the accuracy, honesty and security of the electoral system (its organizers, procedures, software and hardware). For people who did not take part in developing the system, the computer operations could be verified only by knowing the input and comparing the expected with the actual output (similar to a black box). In a secret-ballot system, there is no known input, nor is there any expected output with which to compare the electoral results (II).

Additionally, guaranteeing the freedom and secrecy of vote in an uncontrolled environment was examined in the review process. Based on the remote nature, one of the cornerstones of free voting – mandatory privacy in the voting process – is not possible in Internet-based remote voting. The two sub-principles of secrecy of voting were analyzed by the Supreme Court: privacy of voting and the anonymity of the vote. The court explained that to be found constitutional, Internet Voting should especially have the “virtual voting booth” – the possibility to change the I-vote in the voting process. It is important to emphasize that the constitutionality of the Internet as a communication channel, together with possible threats on anonymity and secrecy, was not analyzed in that particular case and has not yet been analyzed by the Estonian Supreme Court (III).

1.2 Understanding secrecy in Internet Voting

The secrecy of voting has traditionally been understood in Estonia, and elsewhere, as the right and obligation to cast the vote alone in a voting booth. In the case of Internet Voting, it is impossible to ensure the privacy aspect of the voting procedure. The voter’s right to anonymity during the tallying of the votes can be guaranteed, indeed to the extent to which this can be secured in the case of remote postal voting (Kersting 2004a). Therefore, remote electronic voting requires a rethinking of the privacy principle (II).

The principle of privacy is there to protect a person from any pressure or influence acting against his or her free expression of a political preference. Such a teleological approach to the principle was the basis of the I-voting provisions from the very beginning of the whole project. Consequently, the provisions enabling Internet Voting are based on the premise that the government has to trust the citizen and avoid, whenever possible, interference with decision-making at the individual level. The voter has to be aware of the risks, and he or she has to have the right to decide whether to use the opportunity of Internet Voting (II). Therefore, Internet Voting cannot, under the same conditions, replace traditional paper voting and should be considered a complementary solution (Council of Europe 2004). The 2005 ruling of the Supreme Court agreed with this position (Supreme Court 2005).

1.3 Electoral complaints and Internet Voting

The second broader category of discussions on Internet Voting has taken place in the Constitutional Chamber of the Supreme Court following specific electoral complaints. Complaints in Estonian elections (both on paper voting and on Internet voting) can be issued via a fast-track appeal system, where institutions have only a limited period to reach a verdict (electoral committees five working days, Supreme Court seven working days). In addition to the Supreme Court, appeals have to be scrutinized in two tiers (county-level and national) of electoral committees. Altogether, there are three tiers, so the maximum duration of dealing with an electoral complaint in all instances is about one month (Heinsalu et al. 2012).

The principles of equality, secrecy, technical uniformity, procedural soundness and security of Internet Voting have been raised in the different complaints. The effect of the possible shortcoming on the overall election results is the overarching question that has to be analyzed based on the complaints. By 2015, all of the complaints concerning Internet Voting have been dismissed (III). However, the complaints issued after the 2011 parliamentary elections had a strong influence on the parliamentary debates of 2012 (see chapter 2.2).

Additionally, an issue that has arisen in these complaint debates is how to obtain applicable and sufficient evidence, which is by concept difficult, due to the anonymity of the vote. So far the Supreme Court has been quite innovative and liberal in the I-voting electoral complaint judgments, however, always stating that the election organizers should have done their best in avoiding any malpractice (III).

1.4 Assessing the constitutionality

On a broader note, the question whether remote Internet Voting with binding results in public political elections complies with the constitutional principles of sound and fair voting cannot be answered simply with a “yes” or a “no”. Instead two questions could be proposed. The first sub-question should be whether the legal norms in the abstract comply with the constitutional provisions of the state, and the second whether the technical solution used to conduct voting procedures in a certain election guarantees constitutionality (II).

The first sub-question can be answered based on theoretical analysis and could be researched in a constitutional review process, but the second should be examined before and after the actual elections. The fact that it is not possible to fulfil all of the theoretical and conceptual requirements set for an (originally paper-based) voting system is not enough for declaring I-voting as a solution to be unconstitutional. The second sub-question can be answered with “yes” only if sufficient measures are in place to check whether the IT solutions work properly. This leads to the requirement that auditing, verification and evaluation of the results be stipulated in the law and electoral regulation (II).

In the case of Estonia, the legal norms comply with the constitutional provisions, because eID enables secure remote identification, eID has overall penetration, all advance voters (both electronic and paper voters) are placed in the same conditions, and the “virtual voting booth” (the right to replace an I-vote with another I-vote or a paper ballot) and the virtual double-envelope system ensure freedom of voting and the uniformity of elections. Therefore, the answer to the first sub-question is “yes”.
Moreover, the system is justified by the target to guarantee universal (general) suffrage in an information society where e-services (including Internet Voting) are demanded by a significant proportion of the electorate. Whilst formal equality can be provided, the questions of material equality (the access to computers and Internet) and the issue of the digital divide remain. In addition, complying with the principle of secrecy poses new obstacles for many countries. According to the teleological interpretation of the principle of secrecy, the voting act is to be seen not as an aim but as a measure to guarantee freedom of voting, and the anonymity aspect of the principle of secrecy can be guaranteed (III). The analysis of the compliance of the Estonian I-voting system with the ICCPR (1976) has given positive results as well, but also emphasized the importance of special procedures to facilitate auditing and observation of I-voting (Meagher 2008).

The answer to the second sub-question is more complicated. Internet Voting in concrete elections is constitutional if the provisions of the law are fulfilled in practice: only people who are entitled to vote can vote, I-votes cast over the Internet are recorded and tallied properly, and only one vote per voter is counted (OSCE/ODIHR 2013a). Independent IT auditing that covers all aspects of the system can prove its soundness. The proper performance of the IT system should be verified and audited before, during and after voting. Personal computers and the Internet remain the weakest links of the system. Additional changes of 2012 introduced the first steps of individual verification to the Estonian system and therefore opened new possibilities to minimize the threats from personal computers. Nevertheless, remote online voting as a concept is never absolutely ready and secure. Constant development of the system needs to be maintained to stay ahead of possible risks and threats.

To date, the courts answer the second sub-question with a tentative “yes”. Nevertheless, confidence and trust are the most important factors in judging the reliability of the system and they should be built and maintained by effective practical measures (III).
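
The counting conditions named in this section (only entitled voters, one vote per voter, an I-vote replaceable by another I-vote or a paper ballot) can be sketched as a ballot-selection step. This is an added illustration, not code from the thesis or from the Estonian system; the record fields, the sample data, the rule that the most recent I-vote is the one kept, and the modelling of the double envelope as a signed identity wrapped around an opaque sealed ballot are assumptions.

```python
"""Added example: choosing which I-votes reach the tally under re-vote rules."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class IVote:
    voter_id: str         # identity taken from the digital signature (outer envelope)
    cast_at: int          # server receive time in seconds (constructed values)
    sealed_ballot: bytes  # encrypted choice (inner envelope), never opened here


def select_countable(ivotes, eligible, paper_voters, rng=None):
    """Return (anonymised sealed ballots, report of what was dropped and why)."""
    report = {"rejected_ineligible": 0, "superseded": 0,
              "cancelled_by_paper": 0, "counted": 0}
    latest = {}
    for vote in ivotes:
        # Only people entitled to vote may contribute a ballot.
        if vote.voter_id not in eligible:
            report["rejected_ineligible"] += 1
            continue
        previous = latest.get(vote.voter_id)
        if previous is not None:
            # Two I-votes from one voter: exactly one of them is superseded.
            report["superseded"] += 1
        # Compare timestamps rather than arrival order, so a delayed record
        # cannot displace a newer vote.
        if previous is None or vote.cast_at >= previous.cast_at:
            latest[vote.voter_id] = vote

    ballots = []
    for voter_id, vote in latest.items():
        # A paper ballot replaces the I-vote, keeping one vote per voter.
        if voter_id in paper_voters:
            report["cancelled_by_paper"] += 1
        else:
            # Outer envelope removed: only the sealed ballot goes forward.
            ballots.append(vote.sealed_ballot)

    # Shuffle so that position in the output does not reveal the voter.
    (rng or random.SystemRandom()).shuffle(ballots)
    report["counted"] = len(ballots)
    return ballots, report


# Constructed sample data, not real election records.
ELIGIBLE = {"A", "B", "C", "D"}
PAPER_VOTERS = {"B", "D"}          # D voted on paper only
SAMPLE_IVOTES = [
    IVote("A", 250, b"ct-a2"),     # A's second vote, delivered first
    IVote("A", 100, b"ct-a1"),     # A's first vote, delivered late
    IVote("B", 120, b"ct-b1"),     # later replaced by a paper ballot
    IVote("C", 130, b"ct-c1"),
    IVote("X", 140, b"ct-x1"),     # not on the voter list
]

if __name__ == "__main__":
    counted, summary = select_countable(SAMPLE_IVOTES, ELIGIBLE, PAPER_VOTERS)
    print(sorted(counted), summary)
```

The report dictionary is the kind of reconciliation figure an auditor can compare against the voter list without opening any sealed ballot.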

1.5 Summary of the legal debate

In conclusion, the 2005 constitutional debate has maintained its position throughout the years of Internet Voting implementation in Estonia. The principle of the “virtual voting booth” as a guarantee for freedom and the understanding of teleological secrecy of voting have become the cornerstones of the Estonian system and are also adopted in other Internet Voting systems (see chapter 2.5).

The electoral complaints hold an important role in surfacing possible challenges with the use of Internet Voting. During the first ten years, complaints on equality, secrecy, technical uniformity, procedural soundness and security of the system have been raised. However, no violations have been found.

The constitutionality of an Internet Voting system can be assessed on levels of the general compliance with the electoral principles and the soundness of the implementation of the system in actual elections. The first-level question in the Estonian case could be answered positively: the system is in general compliance with the constitutional provisions. The answer to the second-level question in Estonia could also be seen in a positive light, but it depends heavily on the processes of verification and auditing. In addition, the appropriate measures need constant upgrading and development.


2. The development and impact of the Estonian Internet Voting

This chapter aims to analyze the Estonian remote electronic voting experience throughout the years of its implementation. For this, the development of the Estonian system has been divided into three periods – (1) the setup and implementation phase, (2) the years of increasing participatory numbers and additional legal debates and (3) the introduction of verifiability and stable use of the method. Additionally, the impact of the added voting method will be analyzed and parallels with two other I-voting countries – Switzerland and Norway – will be drawn.

2.1 Setup phase

The year 2002 marked the start of the setup phase, when a very general principle of remote electronic voting was stipulated in the electoral law (LGCEA 2002), allowing the election authorities to start with the project preparations, find a vendor and prepare for the 2005 local elections. Legal debates on the topic were restarted in 2005 to broaden the regulations in the law (LGCEA 2005). This period also holds the discussions about the constitutionality of the system in the Constitutional Chamber of the Estonian Supreme Court (see chapter 1.1). To test the features of the system a limited pilot was held in Tallinn in January 2005 (VIII). The first e-enabled elections (for the local government councils) were held in October 2005. A more in-depth discussion and report can be found in VIII.

2.2 Pivotal discussions in the parliament and amendments in electoral law

The second phase entails a steady rise in user numbers and diffusion of the solution in elections. The legal stipulations had not been changed between the years 2005 and 2011. However, the technical solution was constantly updated for every implementation; Mobile-ID support and a new voter-application interface were developed for the 2011 general elections (Heiberg et al. 2012). The end of this phase is marked by a report by OSCE/ODIHR (2011), where several key features of the Estonian Internet Voting system and the regulation were reviewed and recommendations were made. This process was the main engine to launch renewed discussions in the parliament to look over the Internet Voting regulations and amend the procedures to bring more transparency and introduce additional steps on verifiability (IV).

After the 2011 general elections, where almost a quarter of all votes were cast electronically, the parliament decided to specify the norms of I-voting in electoral law in order to improve the legitimacy and transparency of I-voting. Until 2011, the I-voting procedures had only very brief legislative regulations (despite the discussions in 2005). The parliament established a special working group (Constitutional Committee 2011) that, in addition to detailed procedures, had to propose a solution for raising transparency and accountability in the I-voting system (III). At the same time the technical community, which had been involved by the EMB in discussions about the security and transparency of I-voting, came to the conclusion that a new mechanism for some level of verification was needed in Estonia (Draft law 186SE 2012). The perceived aim was to detect possible malicious attacks on the I-voting system. The EMB has a better chance to discover attacks and react to those if I-voters, even a relatively small number of them, verify their vote. If somebody finds out and reports that his/her vote is not stored correctly, measures can be taken immediately (Heiberg et al. 2012). In addition, a second channel for executing the verification had to be found, because if voters use the same personal computers for voting and verification, it will only add a limited amount of additional information regarding the voting computers. Therefore, an independent channel, like a mobile phone or a mobile device, was introduced for verification (Heiberg and Willemson 2014).

In 2012, the parliament adopted several amendments (Draft law 186 SE 2012) to the electoral law, stating that a new electoral committee – the electronic voting committee – was to be created for the technical organization of I-voting. The first elections where the committee was in charge were the 2013 local elections. The law also regulates that before every implementation the I-voting system must be tested and audited. The most significant change of the law was the statement that, from 2015 on, voters have to have the possibility to verify that their vote has reached and is stored at the central server of the elections and reflects the choice of the voter correctly (IV). The main lesson that can be learnt from this period is that, together with the development of the technical environment, the legal regulation also has to keep up.
As Drechsler and Kostakis (2015) argue, technology is constantly evolving, but the law is not updated immediately. This allows for a process of consideration where only sustainable and desirable technologies are implemented. Verifiability was not implemented when it was available (years before the actual introduction) but when there was a concrete need due to the recent discussions in the country. Moreover, only the quiet period between elections allowed these discussions to take place where a reasonable system was selected and implemented. Additionally, widely accepted reports and input from the specialists’ community have proven to be strong initiators in the 2011-2012 legal processes. Moreover, the timing of possible reforms has to be taken into account, as the election-free period from 2011 to 2013 came after a long period of back-to-back elections and was the only time where EMB and the parliament could take up a larger reform of the system.


2.3 Recent years

The third phase of development could be defined in the last three elections, where the share of I-voters among all voters has stayed high and additional steps of individual verification – recorded as cast – were implemented (IV). The number of I-voters who verified their vote has grown through the years, reaching 4.3% in the 2015 elections (Table 1). Despite the relatively small number of verifiers, mathematically the absence of any large-scale attacks or manipulations is notable (Heiberg and Willemson 2014). The discussion about transparency and verifiability in a remote electronic voting system has clearly defined the general Internet Voting discussion in the past (Krimmer 2012; Spycher et al. 2012, Volkamer et al. 2011) and will define it in the nearer future. The same is true for Estonia, despite introducing the first stages of verification (Springall et al. 2014 and predicted in I). The OSCE/ODIHR election specialists’ report (OSCE/ODIHR 2015) emphasizes the need for added verifiability, and the electronic voting committee is actively seeking contributions from the ICT community (EVC 2015) to bring added knowledge into the analysis of the solution; the fact that the next elections are in 2017 offers enough time for bolder development.
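The following added example (not taken from the thesis or from Heiberg and Willemson) illustrates why a verification rate of a few percent still gives strong detection power, using the I-voter counts and verification shares listed in Table 1. It assumes that verifiers are a uniformly random subset of I-voters, that nobody can tell in advance who will verify, and that every verifier who sees a mismatch reports it; all function names are hypothetical.

```python
"""Detection power of individual vote verification (added example).

Assumptions (not from the thesis): verifying voters are a uniformly random
subset of I-voters, whoever alters votes cannot tell in advance who will
verify, and every verifier whose vote was altered reports the mismatch.
"""
from math import exp, log, log1p

# (I-voters, share of I-votes verified) as listed in Table 1 of the thesis.
TABLE_1 = {
    "2013 local": (133_808, 0.034),
    "2014 European Parliament": (103_151, 0.040),
    "2015 parliamentary": (176_491, 0.043),
}


def p_undetected(total, verifiers, altered):
    """Probability that none of the `altered` votes belongs to a verifier.

    Exact hypergeometric value C(total-altered, verifiers) / C(total, verifiers),
    evaluated as a product of `altered` factors in log space.
    """
    if not (0 <= verifiers <= total and 0 <= altered <= total):
        raise ValueError("need 0 <= verifiers <= total and 0 <= altered <= total")
    if altered + verifiers > total:
        return 0.0  # pigeonhole: some altered vote must belong to a verifier
    return exp(sum(log1p(-verifiers / (total - i)) for i in range(altered)))


def smallest_detectable_change(total, verifiers, confidence=0.99):
    """Smallest number of altered votes caught with probability >= confidence.

    Returns None when nobody verifies, because then nothing is ever caught.
    """
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    if verifiers == 0:
        return None
    target = log(1.0 - confidence)
    log_p = 0.0
    for altered in range(1, total - verifiers + 1):
        # Multiply in the factor for one more altered vote escaping all verifiers.
        log_p += log1p(-verifiers / (total - (altered - 1)))
        if log_p <= target:
            return altered
    return total - verifiers + 1  # from here on detection is certain


def detection_report(confidence=0.99):
    """One row per election in TABLE_1 with the detection threshold."""
    rows = []
    for election, (i_voters, share) in TABLE_1.items():
        # The verifier count is approximated from the rounded share in Table 1.
        verifiers = round(i_voters * share)
        altered = smallest_detectable_change(i_voters, verifiers, confidence)
        rows.append({
            "election": election,
            "verifiers": verifiers,
            "altered_for_detection": altered,
            "share_of_i_votes": altered / i_voters,
        })
    return rows


if __name__ == "__main__":
    for row in detection_report():
        print(
            f"{row['election']}: about {row['verifiers']} verifiers; changing "
            f"{row['altered_for_detection']} votes "
            f"({row['share_of_i_votes']:.3%} of I-votes) is noticed "
            f"with at least 99% probability"
        )
```

Under these assumptions a change to roughly a tenth of a percent of the I-votes is already very likely to hit at least one verifying voter, which is why a few percent of verifiers is enough to rule out large-scale manipulation.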

Table 1. Detailed data on Internet Voting in Estonia 2005-2015 (Data: National Electoral Committee)

| | 2005 Local Elections | 2007 Parliamentary Elections | 2009 European Parliament Elections | 2009 Local Elections | 2011 Parliamentary Elections | 2013 Local Elections | 2014 European Parliament Elections | 2015 Parliamentary Elections |
|---|---|---|---|---|---|---|---|---|
| Eligible voters | 1,059,292 | 897,243 | 909,628 | 1,094,317 | 913,346 | 1,086,935 | 902,873 | 899,793 |
| Participating voters (voter turnout) | 502,504 | 555,463 | 399,181 | 662,813 | 580,264 | 630,050 | 329,766 | 577,910 |
| General voter turnout | 47.4% | 61.9% | 43.9% | 60.6% | 63.5% | 58.0% | 36.5% | 64.2% |
| I-voters | 9,317 | 30,275 | 58,669 | 104,413 | 140,846 | 133,808 | 103,151 | 176,491 |
| I-votes counted | 9,287 | 30,243 | 58,614 | 104,313 | 140,764 | 133,662 | 103,105 | 176,329 |
| I-votes cancelled (replaced with paper ballot) | 30 | 32 | 55 | 100 | 82 | 146 | 46 | 162 |
| I-votes invalid (not valid due to a nonstandard of vote) | n/a | n/a | n/a | n/a | n/a | 1 | n/a | 1 |
| Multiple I-votes (replaced with I-vote) | 364 | 789 | 910 | 2,373 | 4,384 | 3,045 | 2,019 | 4,593 |
| I-voters among eligible voters | 0.9% | 3.4% | 6.5% | 9.5% | 15.4% | 12.3% | 11.4% | 19.6% |
| I-voters among participating voters | 1.9% | 5.5% | 14.7% | 15.8% | 24.3% | 21.2% | 31.3% | 30.5% |
| I-votes among advance votes | 7.2% | 17.6% | 45.4% | 44% | 56.4% | 50.5% | 59.2% | 59.6% |
| I-votes cast abroad among I-votes | n/a | 2% (51 countries) | 3% (66 countries) | 2.8% (82 countries) | 3.9% (105 countries) | 4.2% (105 countries) | 4.69% (98 countries) | 5.71% (116 countries) |
| I-voting period | 3 days | 3 days | 7 days | 7 days | 7 days | 7 days | 7 days | 7 days |
| Share of I-votes that were verified by the voter | n/a | n/a | n/a | n/a | n/a | 3.4% | 4.0% | 4.3% |

2.4 The impact of Internet Voting

Estonia has implemented Internet Voting in eight consecutive elections. It was the first country, in 2005, to introduce remote electronic voting in pan-national binding elections and was leading a kind of “race” at the beginning of the 2000s for introducing remote electronic methods in elections (Maaten 2004; Kersting 2004b; Madise and Martens 2006). The number of Internet Voters has been rising from the beginning, reaching more than 176,000 voters and comprising more than 30% of all votes cast in the 2015 parliamentary elections. Internet Voting started low, with only 9,317 I-voters, but began to grow in the following implementations. The low start and the following step-by-step rise in numbers could be explained by Rogers’ theory on the diffusion of innovation (Vassil et al. 2014). The number of eligible voters and turnout numbers are distinctively different per election type. For example, European Parliament election turnout is also by general measures (Ehin et al. 2013) lower than in other election types, like local or national elections. Therefore, the absolute numbers as seen in Figure 1 have fluctuated per election type after reaching the highest level in the 2015 parliamentary elections.

[Figure: chart with the axes "No of I-voters" (0 to 180 000) and "Share of I-voters" (0 to 100), plotted per election from 2005 local to 2015 national; the plotted values are those listed in Table 1.]

Figure 1. Number of I-voters and share of I-voters from all voters in 2005-2015

However, the share of Internet Voters among all voters has shown a steady rise despite the absolute number fluctuations, having risen to over 30% in the last two elections. Moreover, Internet Voting is offered for a seven-day period during advance voting, and since 2011, there have been more electronic advance voters compared to paper advance voters (Heinsalu et al. 2012 and Table 1). This process has had an impact on the paper-voting organization by putting the local governments under pressure to reduce the number of polling stations, as the attendance numbers have decreased, especially in rural areas. The effect is emphasized by the finding that the relative distance from the polling station has a clear correlation to the use of Internet Voting (Vassil and Solvak 2015).

When looking at the impact of the Internet Voting results, at least three categories could be distinguished: firstly the impact on the election turnout, whether adding a new voting method raises the turnout; secondly the effect of socio-demographic factors on the use of Internet Voting; and thirdly the relation of Internet Voting and the election results. Scientific reports on Estonian Internet Voting have been compiled after all eight elections (Trechsel and Vassil 2011; Vassil and Solvak 2015), and the results have been publicly discussed and are available on the EMB webpage.

One of the most frequent questions with any novelty electoral solution is the impact on turnout. Without a doubt, the hope to have a positive influence on the general turnout was one of the claimed aims in the early discussions of I-voting in Estonia (VIII). Nevertheless, it is difficult to assess the actual impact of Internet Voting on turnout because a direct comparison of the same election with and without I-voting is not possible.
Perhaps a better question to be asked is what share of the electorate would not have participated in the voting, if the Internet Voting opportunity had not been provided. Unfortunately, only voter survey results can be used here. One exception is the case when Internet Voting is the only possibility for the voter and he/she uses this possibility. In the local elections, Estonia does not provide for voting from abroad by postal ballot or at a diplomatic representation, therefore voting over the Internet is the only voting method abroad (IV). The number of I-voters from abroad has grown after every election (Table 1).

The relation of the absolute number of I-voters and the general turnout has not been a linear one. Scientific surveys (Trechsel and Vassil 2011 and Vassil and Solvak 2015) have shown that most Internet Voters are actually paper voters who decide to switch the voting method; only a relatively small number of voters have started voting because of such a possibility. In 2005, I-voting seems to have had a slight effect on the increase in the turnout of voters who sometimes vote and sometimes do not. In 2007, already approximately ten percent of the questioned I-voters said that they certainly or probably would not have voted without having had the possibility to vote via the Internet (Trechsel 2007). Trechsel and Vassil show (in 2011) that the percentage of the I-voters questioned who certainly or probably would not have voted without having had the possibility to vote via the Internet has risen to 16.3%, which allows for the conclusion that the overall turnout might have been as much as 2.6% lower in the absence of such a method of voting. That is already a significant marker when one looks at the impact of Internet Voting on the overall turnout (IV).

Another interesting question is whether Internet-based voting shows any difference of representation within social groups. Remote electronic voting removes physical barriers hindering participation in elections of the aged, disabled or other groups with restricted mobility or ones that have difficulty in attending polling stations (e.g. persons having tight work schedules or working, studying or travelling abroad, parents of small children and persons living in regions with poor infrastructure), assuming, of course, that these people have access to the Internet. Trechsel et al. and later Vassil and Solvak have concluded in their reports following the experience of Internet Voting from 2005 to 2015 that education and income, as well as type of settlement have been insignificant factors when choosing the Internet instead of other voting channels (Trechsel and Vassil 2011; Vassil and Solvak 2015). One of the most important findings of the studies researching I-voting predictors until the 2009 elections has been that it is not so much the cleavage between the Internet access haves and have-nots, but clearly computing skills and frequency of Internet use. However, since the 2009 local elections, where more than 100,000 voters used Internet Voting, those factors have become non-detectable (Trechsel and Vassil 2011). Confidence (trust) in the I-voting system and procedure has been the most significant factor throughout the years that directs the voters’ choice in using a remote electronic voting method (Carter and Campbell 2011; Volkamer et al. 2011; Spycher et al. 2012). Vassil et al. (2014) have also claimed that based on empirical analysis at least a three-election period has to be studied to have adequate results for assessing the impact of different features on Internet Voting.

The question for political parties is whether the use of I-voting has an influence on the overall election results. Estonian parties that have favored I-voting in their campaigns and supported this voting method, have received more I-votes compared to those parties not supporting the use of I-voting. However, studies have shown that political left-right auto-positioning does not play an important role when choosing a voting channel (Trechsel and Vassil 2011). In a separate study on the possible bias of I-voting on election results a similar conclusion was drawn – I-voting is politically neutral and does not have a direct impact on the election results (Vassil 2014).

In conclusion, a steady rise in the use of Internet Voting in Estonia was seen until the 2011 general elections; after that, the absolute number of voters has been fluctuating because of the nature of the elections it is used in, but the share of I-voters has kept on rising. Additionally, in advance voting, since 2011 I-voting has been more popular than traditional paper voting. When looking at the impact factors it can be seen that only a small amount of I-voters are completely new voters, the majority of I-voters are converted paper voters. A stronger impact could be made out in local elections, where I-voting is the only voting method from abroad. Additionally, socio-demographic features in determining the use of I-voting have been fading since the 100,000-voter hurdle was broken in 2009. Nevertheless, the factor of confidence (trust) in the system and procedures has stayed the most important determinant of I-voting use. Finally, several studies have looked into the political influence of I-voting and have found that I-voting is politically neutral and does not bring about biased results in elections. However, one should refrain from drawing conclusions on the impact of Internet Voting based solely on one execution of the method. At least three elections have to be analyzed to see the effects unfolding (Vassil and Solvak 2015).

2.5 Comparison with experience from Switzerland and Norway

The Internet Voting landscape has been quite active (E-Voting.CC 2015; Stein and Wenda 2014; Kersting 2004b; Barrat et al. 2012b; Krimmer and Kripp 2009). Remote electronic voting has been utilized on some level in more than twenty countries, and several countries analyze possible implementation (Faraon et al. 2015). The largest steps in Europe and maybe even worldwide have been made (beside Estonia) in Switzerland and Norway. Therefore, the experience of these two countries is analyzed next.

Switzerland, as a confederation, hosts its online elections mainly in the cantons. With postal voting being a long-time favorite in a country where elections and referendums are held often, the step to online solutions was not far-fetched. Different cantons have had pilots and try-outs since the early 2000s. Currently three different technical voting systems are in use, and more than half of the Swiss cantons use Internet Voting on some level of their electoral activity. Identification is based on unique passwords, and individual verification is offered. Since 2008, voting is also offered for Swiss expatriates. Similar to Estonia, the Swiss reached a stable user experience at the beginning of the 2010s and are today looking for possibilities to enhance their (different) systems by making them more transparent, observable and verifiable. The Swiss experience has also been studied by Schweizer Bundesrat (2002; 2006; 2013), Kersting (2004b), Gerlach and Gasser (2009), Driza Maurer et al. (2012), OSCE/ODIHR (2012b) and Serdült et al. (2015).


Norway started its Internet Voting project with two pilots, the first in the 2011 local elections and the second in the 2013 general elections. Both pilots were held in a small number of local-government units. Norway implemented the system after rigorous constitutional analysis and an international public tender (Ansper et al. 2009). From the beginning, recorded as cast verifiability was implemented, and a large effort was deployed to ensure public trust with the latest security solutions for the system. Technically and from the public perspective, both pilots were perceived as successful. However, after some evaluation, the Norwegian government decided to discontinue Internet Voting pilots due to possible risks in the system’s security with the underlying reasons being the change in political leadership and the lack of trust the politicians held for the system. The Norwegian pilots are discussed in detail by OSCE/ODIHR (2012a; 2013b), Stenerud and Bull (2012), Barrat et al. (2012a) and Markussen et al. (2014). As seen in Table 2, there is no single working solution for introducing Internet Voting. The compared countries show differences across the board and are/were nevertheless able to implement Internet Voting in their respective countries.

Table 2. Comparison of main features in the Estonian, Swiss and Norwegian I-voting experience.

| | Estonia | Switzerland | Norway |
|---|---|---|---|
| Authentication method | eID | Passwords through postal system | Unique ID tied with mobile phones |
| Implementation style | Snap implementation, nationally | Step-by-step, canton-based | Step-by-step, only limited pilots |
| Verifiability | Individual | Individual | Individual and universal |
| Multiple vote casting | Yes | No | Yes |

2.6 Summary of the Estonian implementation experience

To sum up this chapter, the Estonian experience in implementing Internet Voting could be seen in three stages, where firstly constitutional debate and introduction of the novelty system took place, after five elections a refreshment of the legal stipulations was in order and additional measures for more transparency and accountability in the system were debated about, and lastly a three-election period could be distinguished where a new level of verifiability was applied and a gap between elections ushered in a new discussion about additional measures of confidence. What can be learnt from the Estonian experience to date is that the build-up of Internet Voting turnout takes time, as does looking at the diffusion of any innovative solution.

Additionally, the effects and impact of the added voting method will not appear after the first application; it has been claimed that at least three elections have to be taken into account. As for the impact of the Estonian system, it has been found that introducing Internet Voting has had a slightly positive influence on the general turnout, but most Internet Voters are former paper voters who started using a different method of voting. However, in specific groups (like abroad voters) the effect on turnout is present. Different socio-demographic values, like type of settlement or rate of computer use, were important determinants of I-voting before the 2009 elections, but they have become irrelevant since. The principal important factors for voters to choose I-voting through all elections have been trust and confidence in the solution. When comparing the Estonian experience and solution to Switzerland and Norway, it can be seen that no single characteristic makes up a working system, and verifiability and trustworthiness are features other implementers are investing in as well. Each Internet Voting system has been developed in line with the needs of the actual context it was implemented in. Therefore, this does not allow for generalizing based on individual features; it is the complete solution that needs to be looked at. What can be learnt from Norway is that the ways of implementation are irrelevant if the politicians are not convinced that the election results would remain the same regardless of the new voting channels.


3. Building voter confidence in Estonian Internet Voting

Trust and confidence have been shown to be the top determinants of Internet Voting use (see chapter 2.4). Therefore, we have to look at the factors that enhance the belief of the user that the solution at hand is trustworthy. The voter, who in the case of Internet Voting is the actual user, has to be confident that the system cannot be manipulated and the election organizers follow the prescribed rules and operate the system correctly so that the system’s results reflect the actual will of the voters and thereby mirror the aggregated results of the elections correctly. In article I, a model consisting of three factors has been developed: (1) confidence in the overall e-government system, (2) confidence in the token of identification and (3) confidence in the EMB. The terms used in the articles have been further developed, in particular by redefining trust as a factor of confidence in the various stakeholders and used tokens.[1] In the following, the revised and extended factors are presented.

3.1 Confidence in the e-government

The first factor of the model takes into account an open and receptive society and discusses the relation of the general reception of the society of an e-solution provided by the state. With its re-independence at the beginning of the 1990s, Estonia started many processes anew, forcing the Estonian society to adapt to rapid changes and an open vision. This gives the Estonian society a slight advantage in adopting new solutions (Kalvet 2012). According to the latest Global Information Technology Report (WE Forum 2015), the overall ranking of Estonia in the Networked Readiness Index is 21st; in the category of government success in ICT promotion Estonia ranks in 13th place, ahead of such IT giants as the US, Finland, Korea or Japan. In the category of assessed quality of governmental e-services, Estonia reaches a high fifth place. Since 2010, the official publication of Estonian legal acts, State Gazette, is electronic, which means that legal acts are published only on the Internet. In addition, tax declarations in Estonia are issued fully electronically in up to 95% of the cases (Estonian Tax and Customs Board 2015), and online banking has taken full precedence over traditional banking. All these are signs of acceptance of e-services in the society (I).

An important factor explaining the possibility to launch wholly new solutions like the official virtual identity or Internet Voting is the smallness of the country. Lennart Meri, the former president of Estonia compared Estonia to a small boat in one of his speeches: “A super tanker needs sixteen nautical miles to change her course. Estonia, on the contrary, is like an Eskimo kayak, able to change her course on the spot.” (Meri 2000). Therefore, as the number of actual voters is around 1 million (Table 1), and there is generally a positive notion towards innovation, such ideas as Internet Voting could be addressed more actively. In addition, the use of online ICT solutions in alternative democratic measures (e.g. participatory budget initiatives) further enhances the citizens’ commitment and confidence in using e-methods in general (see Peixoto 2009; Raudla and Krenjova 2013). In the context of this model, this first factor could be summarized as confidence in the general governmental environment where the I-voting solution is implemented.

[1] The meaning of the term “trust” in the articles was adopted from the survey design of Trechsel and Vassil (2011) and can be understood as confidence in the different stakeholders involved in Estonian Internet Voting.

3.2 Confidence in the token of authentication

The second factor of confidence is formed by secure online authentication methods. The cornerstone of Estonian e-services, public as well as private, is eID. Since 2002, the ID card (together with other eID tokens) is the new generation’s primary identification document. All Estonian citizens and residents above fifteen must have an ID card, which is issued by the government and contains certificates for remote authentication and digital signature (Identity Documents Act 1999). The number of issued eIDs has exceeded 1 million, providing all Estonians with the possibility to use secure online services. Approximately half of the cardholders (507,606 persons in May 2015) actively (during January-May 2015) use the eID functionality of their ID cards (Certification Centre 2015). Here it has to be noted that Internet Voting has strongly promoted the electronic use of ID cards (VI). Another important promoting factor has been the agreement between banks to allow Internet banking only with an ID card or a PIN calculator. The old one-time password cards can be used only for relatively small (in case of Swedbank 200 EUR per day) transactions (Schreiber and Kosienkowski, 2015). Therefore also international banks trust eID as a credible method of online authentication.

Parliamentary debate over eID cards raised several privacy and security questions, but the parties supporting compulsory eID commanded the majority of votes (VIII). The most controversial questions were possible risks of identity theft and overall IT security. To prevent the use of the ID card issued to another person, respective provisions were added to the legislation. According to the law, fraudulent use of the ID card is punishable by a fine (Penal Code 2001). Therefore, confidence in the token of identification and in the authorities and services connected with the token are crucial in the overall confidence-building of a remote electronic system.

3.3 Confidence in the electoral principles and the EMB

The third, and arguably the most important factor can be understood as the effective measures to guarantee compliance and similarity with traditional electoral principles, as well as the confidence that the election organizers (in the Estonian case the National Electoral Committee) are able to guarantee these principles. The I-voting procedure has been adapted to similar schematic rules compared to traditional voting. The double-envelope system (V), known from many voting systems (in particular postal voting) around the world, has been implemented as a logical structure in the electronic form of voting. The similar nature and the ability for the voter to relate to this system helps building trust to a novelty idea such as I-voting (Maaten and Hall 2008). Evidently, confidence in the EMB is the strongest indicator in showing voters they can confidently use the system. Therefore, additional emphasis is laid in the thesis on offering an insight into the possibilities that were used in Estonia for guaranteeing the confidence of the voter in the EMB and the used I-voting solution.

The methods that have been used in Estonia to increase voter understanding of and confidence in the I-voting system in an attempt to overcome any concerns about the lack of transparency and complexity are diverse. Eight particularly important features could be differentiated.

As the first measure, in order to validate an electronic voting system, certification or verification procedures, testing and auditing can be considered (Council of Europe 2004). The development and importance of Internet Voting verifiability has been discussed earlier (see chapter 2.2). In 2013, first steps of verifiability were added to the system, and it has been used for three consecutive elections. Additional measures of verifiability are likely to be added to the system in the future. Verifiability, especially individual verifiability, where the voter can personally get information about the safe acceptance of the vote, helps the voter to understand the inner procedures of the voting solution and allows for the EMB to claim widespread soundness of the election conduct and results (Heiberg and Willemson 2014).
However, the risk of receiving false-positive malignant claims of unsuccessful verifications might occur so that the EMB has to have a procedure at hand to take appropriate measures.

Secondly, in most of the e-enabled elections in Estonia, the EMB has allowed all voters to test out the I-voting system prior to the voting period in order to encourage people to see how the system works, calling them mock or demo elections. This has helped the voters detect any problems they might encounter before the real I-voting period has started. In Estonia, the primary concerns among the country’s election officials, outside observers, political parties and citizens relate to the acquisition of the hardware and software needed to use an ID card on a personal computer, updating expired ID card or Mobile-ID certificates and the renewal of PIN codes needed for the electronic use of the ID card or Mobile-ID. System-testing prior to elections is also an important factor in order to control the functionality and accuracy by contracted testers, auditors, observers and by the public (IV).

Thirdly, the Estonian I-voting system was developed with the principle that all components of the system should be transparent for audit purposes: procedures are fully documented, and critical procedures are logged, audited, observed and videotaped (since 2013 also published on YouTube) as they are conducted. A separate procedural audit by Certified Information Systems (CISA) auditors is procured by the EMB for every election. The scope of the audit is to ensure the validity of performed procedures compared to the handbooks and technical documentation of I-voting. Additionally, auditors review and monitor security-sensitive aspects of the process, such as updating the voters list, preparation of hardware and its installation, loading of election data, maintenance and renewal of election data and the process of counting the votes (VII).

Fourthly, it is a common requirement that the source code of an information system is available for public audit (Council of Europe 2004). In Estonia, though, until 2013, the source code of the I-voting solution was not universally available, but one could access it by signing a non-disclosure agreement with the EMB. However, after the second legal debates of 2012, the source code of all central servers of the voting system as well as the software of the vote verification application has been made available on the Internet (EVC 2013).

Fifthly, according to the Estonian electoral law, all procedures related to elections are public. Observers have access to the meetings of all election committees and can follow all electoral activities, including the voting procedures, counting and tallying of results. Internet Voting has been no different. All significant documents describing the I-voting system have been made available for the public (NEC 2015b), including observers. In order to enhance the observers’ knowledge about the system, political interlocutors are invited to take part in a training course before each election. Besides political parties, auditors and other persons interested in the I-voting system can take part in the training. Observers are also invited to participate in test elections during the setup phase (V).
Sixthly, it is important that observers be deployed for a length of time to allow meaningful observation. If some important stages influencing the correctness of the final results have not been observed, the conclusions about the integrity of the system cannot be made. Especially for foreign observers, the length of the observation period appears to be a challenge. The OSCE reported on Estonian Internet Voting in 2007, 2011 and 2015 (OSCE/ODIHR 2007; 2011; 2015) and in the 2011 report states, “The OSCE in general found widespread trust in the conduct of the Internet Voting by the NEC [National Electoral Committee]. However, … more detailed and formal control of software installation and reporting on testing of the Internet Voting system could further increase transparency and verifiability of the process.” (OSCE/ODIHR 2011). As a direct result in 2012 the process of added transparency was created. Therefore, international observation is an influential and important source for getting feedback and peer review from the international community, which helps build general confidence in the EMB and the used voting methods.

Seventhly, as an additional element of transparency, the number of I-voters was regularly published on the I-voting website (www.valimised.ee). This very simple process allowed the wider audience, as well as political parties and media to follow how many I-voters had voted and to determine if the trend in the number of I-voters casting ballots seemed reasonable.

Eighthly, in order to convince voters that their votes had been correctly registered, they had the option to check whether their I-voting fact had been reflected on the polling lists on Election Day in order to prevent voting more than once. In addition to verification itself, a second option for confirming the arrival of an I-vote has been possible during the I-voting period. If the voter decided to replace the I-vote with a new one, he was notified in the voting application of a previously recorded I-vote being stored in the central system (IV).

There are many different possibilities to give the wider audience additional confidence in the procedures and organization of remote electronic elections. In summary, eight important features could be distinguished:

I Technical features
(1) Introducing stages of verifiability (both individual and universal)
(2) Introducing procedural audit measures
(3) Publishing the source code of the system

II User experience features
(4) Providing mock elections for the public
(5) Providing safeguarding procedures for the voter to check the I-voting fact
(6) Publishing the number of I-voters during the voting process

III Observation related features
(7) Inviting and training domestic I-voting observers
(8) Inviting and accepting international observers

3.4 The House of Confidence

To conclude, the topic of confidence-building in the Estonian Internet Voting experience was looked at in three distinctive factors. It is important to reiterate the importance of each of the three sets of features, as functioning in a complex structure provides for the necessary confidence. Based on the previous discussion, an original concept model called The House of Confidence (HoC) was developed for this thesis (Figure 2). This is the first attempt to conceptualize the features of confidence-building based on the actual Estonian experience. The theoretical essence of the HoC touches upon the concept of the “E-voting Mirabilis”, developed by Krimmer (2012). From the Mirabilis four-way categorization, the first pillar of HoC stands for politics/technology, the second pillar for technology/society and the third pillar, the broadest one, for the technology/law/society aspects of the contextual factors presented by Krimmer (2012).

Figure 2. House of Confidence (further developed from I and V)

Confidence in the Internet Voting system stands on three pillars where the first two – the general e-government environment and the e-identity – are more underlying components, whereas the third – EMB and I-voting system – forms the backbone of confidence in the concept of Internet Voting. The third pillar offers the most possibilities to enhance public confidence by smart procedural and system-related choices listed in the previous sub-chapter. Similarly, former OSCE/ODIHR Director Lenarčič has compared electoral processes to a house (Lenarčič 2010). He discussed that if elections [electoral processes] are fraudulent, i.e. the foundation of the house is not solid, then no matter how well the house is built, it will crumble. Therefore, if any of the three pillars show signs of weakness and do not guarantee the confidence of the voter, the House of Confidence, supporting the nominal Internet Voting “roof” concept, could be in danger of collapsing.

Conclusion and outlook

In conclusion, what the Estonian experience has shown so far is that Internet Voting has been implemented as a credible voting method. The channel has also become a solid part of the Estonian so-called “e-stonia” narrative. Many news articles about Estonia in the international media define the country by its e-capability in the electoral field (e.g. NY Times 2014; BBC News 2013). Nevertheless, in order to see beyond the shiny surface presented in the newscasts, questions that are more detailed need to be asked. Therefore, the main question in this dissertation, how Estonia has managed to implement remote electronic voting as an established and credible voting channel, was looked at by means of three sub-questions.

- How constitutionally and legally sound are the Estonian solution and the implementation practices?
- How has the Estonian Internet Voting system developed over the course of its implementation, and what impact did it have?
- What factors have helped build confidence into the Estonian system?

The constitutional foundation of the Estonian Internet Voting lies in the 2005 constitutional debate, which has maintained its position throughout the years of the implementation of Internet Voting in Estonia. The principle of the “virtual voting booth” as a guarantee for freedom and the understanding of teleological secrecy of voting have become the cornerstones of the Estonian system. The electoral complaints hold an important role in presenting possible challenges with the use of Internet Voting. During the first ten years of implementation, complaints on equality, secrecy, technical uniformity, procedural soundness and security of the system have been raised. However, so far no violations have been found in the complaints process. According to the assessment of the Supreme Court, the Estonian I-voting system is in general compliance with the constitutional provisions.
The soundness of the implementation practices depends heavily on the undertaken measures – like processes of verification and auditing – for single elections. It is important to emphasize that the Internet Voting system and the appropriate measures need constant upgrading and development to fit constitutional criteria.

The Estonian experience in implementing Internet Voting could be seen in three chronologic stages – firstly the constitutional debate and the introduction of the I-voting system; secondly a refurbishing of the legal stipulations after five elections and additional measures for a more transparent and accountable system; and lastly a three-election period where a new level of verifiability was applied and a gap between elections ushered in new discussions about additional measures of confidence.

What can be noted from the Estonian experience to date is that Internet Voting turnout build-up takes time; the development is the same as looking at the diffusion of any innovative solution. Additionally, the effects and impact of the added voting method will not implicitly show after the first application; it has been claimed that at least three elections have to go by to make any conclusions.

As for the impact of the Estonian system, it has been found that introducing Internet Voting has had a slight positive influence on the general turnout, but mostly Internet Voters are paper voters who started using a different voting method. However, a positive effect on turnout in specific groups, like abroad voters, could be brought out. Different socio-demographic values, like type of settlement or rate of computer use, were important determinants of I-voting before the 2009 elections, but have lost their importance since. The principal significant factors for voters to choose I-voting through all elections have been trust and confidence in the solution.

The short comparison with two other implementing countries (Switzerland and Norway) shows that there is no unified understanding of how a remote electronic voting solution should be implemented. For instance, using the postal system to send vital parts of the identification scheme would be unthinkable in Estonia. Therefore, context matters in the way every country finds its best practice in introducing such a novelty solution.

As trust and confidence have been found to be the most important factors for the voter to choose I-voting over other voting methods, a model called House of Confidence was designed. Confidence in the Internet Voting system stands on three pillars, where the first two – the general e-government environment and the e-identity – are more underlying components, whereas the third – EMB and the I-voting system – forms the backbone of confidence in the concept of Internet Voting. The third pillar also offers the most possibilities to enhance public confidence by smart procedural and system-related choices like verifiability, emphasis on auditing, testing and overall transparency and domestic and international observation.
However, if any of the three pillars show signs of weakness and do not guarantee the voters’ confidence in elections, the House of Confidence, supporting the nominal Internet Voting “roof” concept, could be in danger of collapsing. Therefore, all of the pillars should be equally important in sustaining the confidence of the voter in Internet Voting. The topics discussed in the thesis will undoubtedly be analyzed also in the future. The ten-year period of continuous application of such voting method offers great opportunity for research and every added implementation shall provide additional data and possibilities for more complex analysis for the researchers. Estonia serves as a benchmark for any other country to come, therefore, continuous and comparable research should follow all elections that make use of Internet Voting in the future. The most interesting avenues of further research lie in the implementation of added verifiability and the perceived impact of the solutions. Every step of added verifiability beyond the currently implemented recorded as cast level offers valuable insight into the practical applicability of theory-driven solutions of verification. Moreover, the relation of added verifiability and the voters’ confidence and trust should be examined. Sociological research on the topic of voters’ confidence could also be more specified, providing better insights into the separate factors of the House of Confidence and possibly identifying additional reasons for the voters’ confidence in Internet Voting.


Additionally, the role of international standards, especially the applicability of the renewed recommendation Rec(2004)11 (Council of Europe 2004) in the legal process of those countries which are adding provisions of remote electronic voting to their electoral legislation, should be researched. This would give insight into the possibility of harmonization of principles in different legal structures and democratic environments. In addition, from the legal perspective, a comparative analysis on appeal and complaint stipulations and case practice in different I-voting countries would allow for a more detailed look on how and with what limitations constitutional principles are guaranteed in different systems. On a more general note, in order to get invaluable feedback on the possibility of implementing Internet Voting, it could be taken from the realm of the idealistic drawing boards of scientists and engineers and put to the test in the actual environment. The context in which this system is launched has to have at least the basic prerequisites to successfully build the confidence of the society. Internet Voting is by essence a solution that divides the interested parties. A solution that redefines hundred-year-long perceptions of acceptable democracy has to do as much. Discussions about the acceptability of such a solution started earlier than the Estonian system was implemented and surely influenced the development of the system (e.g. Buchsbaum 2004; Buchstein 2004). Nevertheless, the criticism of the system could be motivated by different reasons. The politicians’ understanding of the impact of remote electronic voting can never be underestimated. The biggest fear is to be suspected of unwanted influence on their electorate, e.g. the fear of lost votes. However, although the bias question has been answered scientifically, fear stays. 
The IT specialists and scientists are more likely to be influenced by the yearning for the perfect system, for a solution where most of the theoretical threats would be neutralized. However, in practice the perfect system exists only on paper. Legal scientists have to protect the core principles of elections. Although, as put forward in the beginning, universal suffrage demands new and innovative solutions, these solutions have to be balanced over universality and other principles like equality, secrecy etc. An interesting question comes to mind, whether not offering the best possible access to elections, i.e. implementing remote voting solutions, would be unconstitutional and not in compliance with the constitutional principles. Therefore, imagine the election organizer fitted with the task of organizing remote e-enabled elections; all these different aspects have to be considered, and these theoretical implications are vital. The context in which elections are organized matters, because without taking into account the democratic environment of the country, the solutions would not evolve in the right direction, of becoming more transparent, more observable and more in balance with all of the electoral principles. This thesis aims to add information to all fields of interest, to any other scientist or any other country considering such solutions.


References

Alvarez, M., T. Hall and A. Trechsel. 2009. “Internet Voting in Comparative Perspective: The Case of Estonia.” PS: Political Science & Politics 42, 497-505.

Ansper, A., S. Heiberg, H. Lipmaa, T.A. Øverland and F. Van Laenen. 2009. “Security and Trust for the Norwegian E-Voting Pilot Project E-valg 2011.” In A. Jøsang, T. Maseng, S.J. Knapskog (eds.). Identity and Privacy in the Internet Age. Berlin/Heidelberg: Springer, pp. 207-222.

Barrat, J., M. Chevalier, B. Goldsmith, D. Jandura, J. Turner and R. Sharma. 2012a. “Internet Voting and Individual Verifiability: The Norwegian Return Codes.” In M. Kripp, M. Volkamer, R. Grimm (eds.). Proceedings of the 5th International Conference on Electronic Voting (EVOTE2012). Bonn: GI, 35-45.

Barrat, J., B. Goldsmith and J. Turner. 2012b. International Experience with E-Voting. Stockholm: IFES Foundation.

BBC News. 2013. “How Estonia became E-stonia.” Available at http://www.bbc.com/news/business-22317297 (last accessed 31 May 2015).

Bochsler, D. 2009. “Can the Internet Increase Political Participation? An Analysis of Remote Electronic Voting’s Effect on Turnout.” Available at http://pdc.ceu.hu/archive/00005913/01/bochsler-web_1.pdf (last accessed 31 May 2015).

Braun, N. 2006. Stimmgeheimnis: Eine rechtsvergleichende und rechtshistorische Untersuchung unter Einbezug des geltenden Rechts. Bern: Stämpfli Verlag.

Buchsbaum, T. 2004. “E-Voting: International Developments and Lessons Learnt.” In Alexander Prosser and Robert Krimmer (eds). Electronic Voting in Europe Technology, Law, Politics and Society. LNI P-47, Bregenz: GI, 31-34.

Buchstein, H. 2004. “Online Democracy, Is it Viable? Is it Desirable? Internet Voting and Normative Democratic Theory.” In N. Kersting and H. Baldersheim (eds). Electronic Voting and Democracy: A Comparative Analysis. Basingstoke: Palgrave Macmillan, 39-58.

Carter, L. and R. Campbell. 2011. “The Impact of Trust and Relative Advantage on Internet Voting Diffusion.” Journal of Theoretical and Applied Electronic Commerce Research 6(3), 28-42.

Castells, M. 2007. “Communication, Power and Counter-Power in the Network Society.” International Journal of Communication [S. l] 1, 29.

Certification Centre. 2015. Response to a query about the latest statistics of the electronic use of ID cards, issued 19 June 2015 via e-mail.

Constitutional Committee. 2011. Minutes of the session of 9 June 2011 of the Constitutional Committee of the Estonian Parliament. Available at http://www.riigikogu.ee/download/6ca49b18-e6ec-b9f7-8e88-826d5d8ef5a4 (last accessed 31 May 2015).

Council of Europe. 2004. Recommendation Rec (2004) 11 “Legal, Operational and Technical Standards for I-voting” of the Council of Europe. Available at http://www.coe.int/t/dgap/democracy/activities/ggis/evoting/key_documents/Rec(2004)11_Eng_Evoting_and_Expl_Memo_en.pdf (last accessed 31 May 2015).

Draft law 186 SE. 2012. The draft law for amending the election acts, number 186 SE, Estonian Parliament, adopted 17 October 2012. Available at http://www.riigikogu.ee/tegevus/eelnoud/eelnou/abc6bd69-0c8f-4012-86169277a7cbfec8/Riigikogu%20valimise%20seaduse%20ja%20teiste%20seaduste%20muutmise%20seadus/ (last accessed 31 May 2015).

Drechsler, W. 2006. “The Estonian E-Voting Laws Discourse: Paradigmatic Benchmarking for Central and Eastern Europe.” NISPAcee Occasional Papers in Public Administration and Public Policy 5(2), 11-17.

Drechsler, W. and V. Kostakis. 2015. “Should Law Keep Pace With Technology? Law as Katechon.” Bulletin of Science, Technology & Society 0270467615574330.

Drechsler, W. and Ü. Madise. 2002. “E-Voting in Estonia.” Trames 6(3), 234-244.

Drechsler, W. and Ü. Madise. 2004. “Electronic Voting in Estonia.” In N. Kersting and H. Baldersheim (eds). Electronic Voting and Democracy: A Comparative Analysis. London: Palgrave Macmillan, 97-108.

Driza Maurer, A., O. Spycher, G. Taglioni and A. Weber. 2012. “E-Voting for Swiss abroad: A Joint Project between the Confederation and the Cantons.” In M. Kripp, M. Volkamer, R. Grimm (eds.). Proceedings of the 5th International Conference on Electronic Voting (EVOTE2012). Bonn: GI, 173-187.

Ehin, P., Ü. Madise, M. Solvak, R. Taagepera, K. Vassil and P. Vinkel. 2013. Independent Candidates in National and European Elections: Study. Brussels: European Union. Available at http://www.europarl.europa.eu/RegData/etudes/etudes/join/2013/493008/IPOLAFCO_ET(2013)493008_EN.pdf (last accessed 31 May 2015).

Estonian Tax and Customs Board. 2015. “Electronic Filing of Income Tax Returns is now Open.” Available at http://www.emta.ee/index.php?id=36597&tpl=1026 (last accessed 31 May 2015).

EVC. 2013. “The Source Code of the Estonian I-voting Solution.” Available at https://github.com/vvk-ehk/evalimine (last accessed 31 May 2015).

EVC. 2015. “The Electronic Voting Committee Call for Proposals for Amending the Internet Voting Solution by 2017 Elections.” Available at http://www.vvk.ee/valimistekorraldamine/vvk-uudised/kutse-ideepaev-e-haaletamise-parenduseks/ (last accessed 2 June 2015).

E-Voting.CC. 2015. “Map of E-Voting Usage in the World.” Available at http://www.evoting.cc/en/it-elections/world-map/ (last accessed 31 May 2015).

Faraon, M., G. Stenberg, J. Budurushi and M. Kaipainen. 2015. “Positive but Skeptical: A Study of Attitudes towards Internet Voting in Sweden.” In: P. Parycek, M. Sachs and M. M. Skoric (ed.). CeDEM Asia 2014: Proceedings of the International Conference for E-Democracy and Open Government. Hong Kong, 4-6 December, 2014. Krems: Edition Donau-Uni Krems, 191-205.

Gerlach, J. and U. Gasser. 2009. Three Case Studies from Switzerland: E-Voting. Internet & Democracy Case Study Series. Harvard: Berkman Center Research Publications. Available at http://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/Gerlach-Gasser_SwissCases_Evoting.pdf (last accessed 31 May 2015).

Gronke, P., E. Galanes-Rosenbaum, P. A. Miller and D. Toffey. 2008. “Convenience Voting.” Annual Review of Political Science 11, 437-455.

Heiberg, S. and J. Willemson. 2014. “Verifiable Internet Voting in Estonia.” In R. Krimmer and M. Volkamer (eds.). Proceedings of Electronic Voting 2014 (EVOTE2014). Tallinn: TUT Press, 7-13.

Heiberg, S., P. Laud and J. Willemson. 2012. “The Application of I-voting for Estonian Parliamentary Elections of 2011.” In A. Kiayias and H. Lipmaa (eds). E-Voting and Identity: Third International Conference, VoteID 2011, Tallinn, Estonia, September 28-30, 2011, Revised Selected Papers. Berlin/Heidelberg: Springer, 208-223.

Heindl, P., A. Prosser and R. Krimmer. 2003. “Constitutional and Technical Requirements for Democracy over the Internet: E-Democracy.” In R. Traunmüller (ed.). Electronic Government. Berlin: Springer-Verlag, 417-420.

Heinsalu, A., A. Koitmäe, M. Pilving and P. Vinkel. 2012. Elections in Estonia 1992-2011. Tallinn: National Electoral Committee.

ICCPR. 1976. United Nations International Covenant on Civil and Political Rights. Available at http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx (last accessed 31 May 2015).

Identity Documents Act. 1999. Art 5 of the Identity Documents Act. Available at https://www.riigiteataja.ee/en/eli/513042015004/consolide (last accessed 31 May 2015).

Joaquim, R., P. Ferreira and C. Ribeiro. 2013. “EVIV: An End-to-End Verifiable Internet Voting System.” Computers & Security 32, 170-191.

Kalvet, T. 2012. “Innovation: A Factor Explaining E-Government Success in Estonia.” Electronic Government 9(2), 142-157.

Kersting, N. 2004a. „Briefwahl im internationalen Vergleich.“ Österreichische Zeitschrift für Politikwissenschaft 33(3), 341-351.

Kersting, N. 2004b. „Online-Wahlen im internationalen Vergleich.“ Aus Politik und Zeitgeschichte B18, 16-23.

Krimmer, R. 2012. The Evolution of E-Voting: Why Voting Technology is Used and How it Affects Democracy. Tallinn: TUT Press.

Krimmer, R. and M. Kripp. 2009. “The Use of Electronic Voting Around the World.” Modern Democracy 2, 8-9.

Lenarčič, J. 2010. Address by Ambassador Janez Lenarčič, Former Director of the OSCE/ODIHR, at the OSCE Chairmanship Expert Seminar on the “Present State and Prospects of Application of Electronic Voting in the OSCE Participating States”, in Vienna, Austria on 16 September 2010. Available at http://www.osce.org/odihr/71361 (last accessed 31 May 2015).

LGCEA. 2002. Local Government Council Election Act, passed on 27 March 2002. Electronic Voting regulation in Art. 50. Available at https://www.riigiteataja.ee/akt/95225 (last accessed 31 May 2015).

LGCEA. 2005. Amendments to the Local Government Council Election Act passed on 28 June 2005. Available at https://www.riigiteataja.ee/akt/938241 (last accessed 31 May 2015).

Loncke, M. and J. Dumortier. 2004. “Online Voting: A Legal Perspective.” International Review of Law, Computers & Technology 18, 1.

Maaten, E. 2004. “Towards Remote E-Voting: Estonian Case.” In Alexander Prosser and Robert Krimmer (eds). Electronic Voting in Europe Technology, Law, Politics and Society. LNI P-47. Bregenz: GI, 83-90.

Maaten, E. and T. Hall. 2008. “Improving the Transparency of Remote I-voting: The Estonian Experience.” In R. Krimmer and R. Grimm (eds). Electronic Voting 2008. Bonn: Gesellschaft für Informatik.

Madise, Ü. 2007. Elections, Political Parties, and Legislative Performance in Estonia: Institutional Choices from the Return to Independence to the Rise of E-Democracy. Tallinn: TUT Press.

Madise, Ü. and T. Martens. 2006. “E-Voting in Estonia 2005: The First Practice of Country-Wide Binding Internet Voting in the World.” In R. Krimmer (ed.). Electronic Voting 2006. LNI P-87. Bregenz: GI, 27-35.

Markussen, R., L. Ronquillo and C. Schürmann. 2014. “Trust in Internet Election: Observing the Norwegian Decryption and Counting Ceremony.” In R. Krimmer and M. Volkamer (eds.). Proceedings of Electronic Voting 2014 (EVOTE2014). Tallinn: TUT Press, 24-31.

Meagher, S. 2008. “When Personal Computers are Transformed into Ballot Boxes: How Internet Elections in Estonia Comply with the United Nations International Covenant on Civil and Political Rights.” American University International Law Review 2008, 23.

Mendez, F. 2010. “Elections and the Internet: On the Difficulties of ‘Upgrading’ Elections in the Digital Era.” Representation 46(4), 459-469.

Meri, L. 2000. Speech at the University of St Olaf Minnesota, U.S., 6 April 2000. Available at https://vp1992-2001.president.ee/est/k6ned/K6ne.asp?ID=3675 (last accessed 31 May 2015).

Mitrou, L., D. Gritzalis, S. Katsikas and G. Quirchmayr. 2003. “Electronic Voting: Constitutional and Legal Requirements, and Their Technical Implications.” In D.A. Gritzalis (ed.). Secure Electronic Voting. Boston + Dordrecht: Kluwer Academic Publishers, 43-60.

Mohammadpourfard, M., M. Doostari, M. Bagher Ghaznavi-Ghoushchi and H. Mikaili. 2014. “Design and Implementation of a Novel Secure Internet Voting Protocol Using Java Card 3 Technology.” International Journal of Business Information Systems 17(4), 414-439.

Musiał-Karg, M. 2011. “The Theory and Practice of Online Voting. The Case of Estonia (selected issues).” Athenaeum. Polish Political Science Studies 29, 180-198.

NEC. 2015a. “Estonian Internet Voting: General Description.” Available at http://www.vvk.ee/public/dok/General_Description_E-Voting_2010.pdf (last accessed 31 May 2015).

NEC. 2015b. “Internet Voting Procedural Documents on the Estonian National Electoral Committee Webpage.” Available at http://www.vvk.ee/valijale/e-haaletamine/edokumendid/ (last accessed 31 May 2015).

Nestås, L.H. and K.J. Hole. 2012. “Building and Maintaining Trust in Internet Voting.” Computer 45(5), 74-80.

NY Times. 2014. “Estonians Embrace Life in a Digital World.” Available at http://www.nytimes.com/2014/10/09/business/international/estonians-embrace-life-ina-digital-world.html (last accessed 31 May 2015).

OSCE/ODIHR. 2007. OSCE/ODIHR Election Assessment Mission Report. Estonia. Parliamentary Elections 4 March 2007. Available at http://www.osce.org/odihr/elections/estonia/25925 (last accessed 31 May 2015).

OSCE/ODIHR. 2011. OSCE/ODIHR Election Assessment Mission Report. Estonia. Parliamentary Elections 6 March 2011. Available at http://www.osce.org/odihr/77557 (last accessed 31 May 2015).

OSCE/ODIHR. 2012a. OSCE/ODIHR Election Expert Team Report. Norway. Internet Voting Pilot Project Local Government Elections 12 September 2011. Available at http://www.osce.org/odihr/88577 (last accessed 31 May 2015).

OSCE/ODIHR. 2012b. OSCE/ODIHR Election Assessment Mission Report. Swiss Confederation. Federal Assembly Elections 23 October 2011. Available at http://www.osce.org/odihr/87417 (last accessed 31 May 2015).

OSCE/ODIHR. 2013a. OSCE/ODIHR Handbook for the Observation of New Voting Technologies. Available at http://www.osce.org/odihr/elections/104939 (last accessed 31 May 2015).

OSCE/ODIHR. 2013b. OSCE/ODIHR Election Assessment Mission Report. Norway. Parliamentary Elections 9 September 2013. Available at http://www.osce.org/odihr/elections/109517 (last accessed 31 May 2015).

OSCE/ODIHR. 2015. OSCE/ODIHR Final Report on Estonian Parliamentary Elections 1 March 2015. Available at http://www.osce.org/odihr/elections/estonia/160131 (last accessed 31 May 2015).

Peixoto, T. 2009. “Beyond Theory: e-Participatory budgeting and its promises for eParticipation.” European Journal of ePractice, 7(5), 1-9.

Penal Code. 2001. Chapter 19 Division 2 in the Penal Code. Available at https://www.riigiteataja.ee/en/eli/519032015003/consolide (last accessed 31 May 2015).

Popoveniuc, S., J. Kelsey, A. Regenscheid and P. Vora. 2010. “Performance Requirements for End-to-End Verifiable Elections.” In D. Jones, J.-J. Quisquater and E. Rescorla (eds.). Proceedings of the 2010 International Conference on Electronic Voting Technology/Workshop on Trustworthy Elections. Berkeley: USENIX Association, 1-16.

Prosser, A. and R. Krimmer. 2004. “The Dimensions of Electronic Voting: Technology, Law, Politics and Society.” In A. Prosser and R. Krimmer (eds.). Proceedings of the Workshop on Electronic Voting in Europe. Bonn: GI, 21-28.

Raudla, R. and J. Krenjova. 2013. “Participatory budgeting at the local level: Challenges and opportunities for new democracies.” Administrative Culture, 14-1, 18-46.

Reiners, M. 2013. “E-Revolution. Actor-Centered and Structural Interdependencies in the Realization of Estonia’s Democratic Revolution.” Available at http://dr-markusreiners.de/cms/files/Texte/ZPol-eRevolution.pdf (last accessed 31 May 2015).

Rüß, O.R. 2000. “Wahlen im Internet: Wahlrechtsgrundsätze und Einsatz von digitalen Signaturen.” Multimedia und Recht 3(2), 73-76.

Schreiber, W. and M. Kosienkowski. 2015. Digital Eastern Europe. Wroclaw: Kolegium Europy.

Schweizer Bundesrat. 2002. “Bericht über den Vote électronique. Chancen, Risiken und Machbarkeit elektronischer Ausübung politischer Rechte.” In Bundesblatt 2002. Bern.

Schweizer Bundesrat. 2006. “Bericht über die Pilotprojekte zum Vote électronique.” In Bundesblatt 2006. Bern.

Schweizer Bundesrat. 2013. “Bericht des Bundesrates zu Vote électronique. Auswertung der Einführung von Vote électronique (2006–2012) und Grundlagen zur Weiterentwicklung.” In Bundesblatt 2013. Bern.

Serdült, U., M. Germann, F. Mendez, A. Portenier and C. Wellig. 2015. “Fifteen Years of Internet Voting in Switzerland [History, Governance and Use].” In L. Teran and A. Meier (eds.). Proceedings of the Second International Conference on eDemocracy & eGovernment (ICEDEG), 2015. Quito: IEEE, 126-132.

Solop, F. 2004. “Digital Democracy Comes of Age: Internet Voting and the 2000 Arizona Democratic Primary Election.” In Norbert Kersting and Harald Baldersheim (eds). Electronic Voting and Democracy: A Comparative Analysis. London: Palgrave Macmillan, 242-254.

Springall, D., T. Finkenauer, Z. Durumeric, J. Kitcat, H. Hursti, M. MacAlpine and J.A. Halderman. 2014. “Security Analysis of the Estonian Internet Voting System.” In G.-J. Ahn (ed.). Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 703-715.

Spycher, O., M. Volkamer and R. Koenig. 2012. “Transparency and Technical Measures to Establish Trust in Norwegian Internet Voting.” In A. Kiayias and H. Lipmaa (eds). E-Voting and Identity: Third International Conference, VoteID 2011, Tallinn, Estonia, September 28-30, 2011, Revised Selected Papers. Berlin/Heidelberg: Springer, 19-35.

Statista. 2015a. “More of the Same from Amazon.” Available at http://www.statista.com/chart/1299/amazons-revenue-and-profit-growth/ (last accessed 31 May 2015).

Statista. 2015b. “Online Banking Penetration in Selected European Markets in 2014.” Available at http://www.statista.com/statistics/222286/online-banking-penetration-inleading-european-countries/ (last accessed 31 May 2015).

Stein, R. and G. Wenda. 2014. “The Council of Europe and E-Voting: History and Impact of Rec(2004)11.” In R. Krimmer and M. Volkamer (eds.). Proceedings of Electronic Voting 2014 (EVOTE2014). Tallinn: TUT Press, 1-6.

Stenerud, I. and C. Bull. 2012. “When Reality Comes Knocking: Norwegian Experiences with Verifiable Electronic Voting.” In M. Kripp, M. Volkamer, R. Grimm (eds.). Proceedings of the 5th International Conference on Electronic Voting (EVOTE2012). Bonn: GI, 21-33.

Supreme Court. 2005. “Judgment Number 3-4-1-13-05 of the Constitutional Review Chamber of the Supreme Court.” Available at http://www.nc.ee/?id=381 (last accessed 31 May 2015).

Trechsel, A. 2007. Internet Voting in the March 2007 Parliamentary Elections in Estonia. Report for the Council of Europe. Available at http://www.vvk.ee/public/dok/CoE_and_NEC_Report_E-Voting_2007.pdf (last accessed 31 May 2015).

Trechsel, A. and K. Vassil. 2011. “Internet Voting in Estonia: A Comparative Analysis of Five Elections since 2005. Council of Europe and European University Institute, 2011.” Available at http://www.vvk.ee/public/dok/Internet_Voting_Report_20052011_Final.pdf (last accessed 31 May 2015).

Vassil, K. 2014. “Does Internet Voting Bias Election Results?” A Working Paper, accessible at http://kodu.ut.ee/~wass/wp-content/uploads/Bias_report.pdf (last accessed 31 May 2015).

Vassil, K. and M. Solvak. 2015. “Ten Years of Internet Voting in Estonia: Overview of research on Internet Voting in 2005-2014.” Seminar on 22 January 2015. Seminar material published at http://www.vvk.ee/public/dok/Event_2015_print.pdf (last accessed 31 May 2015).

Vassil, K., M. Solvak and P. Vinkel. 2014. “E-valimiste levik Eesti valijate hulgas.” Riigikogu Toimetised [Parliamentary Journal] 30, 116-128. Available at http://www.riigikogu.ee/rito/index.php?id=16791 (last accessed 31 May 2015).

Vassil, K. and T. Weber. 2011. “A Bottleneck Model of E-Voting: Why Technology Fails to Boost Turnout.” New Media & Society 13(8), 1336-1354.

Venice Commission. 2010. Report CDL-AD on Constitutional Amendment adopted by the Venice Commission at its 81st Plenary Session (Venice, 11-12 December 2009). Available at http://www.venice.coe.int/webforms/documents/?pdf=CDLAD(2010)001-e (last accessed 31 May 2015). Volkamer, M., O. Spycher and E. Dubuis. 2011. “Measures to Establish Trust in Internet Voting.” In E. Estevez and M. Janssen (eds). Proceedings of the 5th International Conference on Theory and Practice of Electronic Governance (ICEGOV ’11). New York: ACM, 1-10. WE Forum. 2015. “Global IT Report 2015, Sections 10.1 and 10.3.” In S. Dutta, T. Geiger and B. Lanvin (eds.). World Economic Forum Global IT Report 2015. Geneva: World Economic Forum. Available at http://www3.weforum.org/docs/ WEF_Global_IT_Report_2015.pdf (last accessed 31 May 2015).

39

SUMMARY

Electronic Voting in Estonia: Legality, Impact and Confidence

In elections, the bearer of supreme power, the people, legitimizes the legislative power. The general principles needed to ensure the honesty of elections have been agreed among democratic states: elections must be general, free and uniform, and voting must be secret. Democratic processes, including elections, differ in their details from country to country, since they have grown out of each country's historical and cultural context. Accordingly, the listed principles are also given different content in different countries: there are countries where participation in elections is compulsory, while others consider the right not to participate a part of electoral freedom; a very long advance voting period or proxy voting may be provided for; sending a ballot paper completed in an uncontrolled environment by ordinary post may be permitted. Some countries, including Estonia, allow electronic voting over the Internet. These differences are permissible as long as they fit within the framework of the electoral principles generally recognized in democratic states.

On the one hand, the behavior and mobility patterns of eligible voters are changing; on the other hand, technical possibilities are emerging in electoral administration as well for taking the change in human behavior into account. When planning changes, the importance of the aims of the changes and the risks taken with the innovations must be weighed carefully and rather conservatively, bearing in mind that casting doubt on the honesty of elections erodes the foundational agreements of society.

This dissertation, consisting of research articles and an overview article on them, addresses Estonia's experience in introducing the electronic voting method from the 2005 local government council elections to the 2015 Riigikogu elections, seeking an answer to the question of how Estonia has achieved recognition, by the predominant part of society, of electronic voting over the Internet from an uncontrolled environment as an honest voting method. To give a substantiated answer to this question, three sets of questions have been examined:

1. By what means has the constitutionality of the e-voting system used in Estonia and of its practices of use, including conformity with the general electoral principles, been ensured, and how has it been argued?
2. What have been the development stages of the e-voting system used in Estonia, and what has been the impact of the system on Estonian society?
3. How has the trustworthiness of the e-voting system been ensured in Estonia?

The dissertation is based on four articles presented in the main part of the thesis and four articles included in the appendix. Articles II and III offer an answer to the first sub-question, analyzing the constitutional-law dimension of the e-voting concept used in Estonia. The development of the Estonian e-voting system and the empirical experience are examined in articles I, IV, V, VII and VIII. Measures for ensuring trustworthiness are analyzed in articles I, V and VI.

The author of this dissertation has long-term experience in organizing elections. The author's work experience in the secretariat of the National Electoral Committee spans ten years, the last two of them in the role of head. The author has been able to follow directly the discussion of topics related to e-voting in the Riigikogu and in the National Electoral Committee and knows in detail the implementation practice and case law to date. In addition, the author has taken part in and presented the Estonian experience at numerous conferences on electronic voting and has participated in the drafting of international guidelines and recommendations of the OSCE/ODIHR (the body of the Organization for Security and Co-operation in Europe dealing with elections) and the Council of Europe.

The dissertation seeks to connect a contemporary theoretical treatment of electronic voting, linked with other studies on the same topic, with empirical studies based on the example of Estonia, drawing parallels with Norway and Switzerland to a limited extent.

The discussion of electronic voting in Estonia began in the Riigikogu in 2002 and, in its constitutional dimension, culminated in constitutional review proceedings immediately before the first use in the 2005 city and rural municipality council elections. The 2005 judgment of the Supreme Court confirmed that the key questions of electronic voting had been resolved in conformity with the constitution, and the positions taken then still dominate legal argumentation. The court answered the question of whether the secrecy of voting is an end in itself or above all a means of ensuring electoral freedom, and whether the need to guarantee the voter's right to vote freely, anonymously and privately outweighs the e-voter's right to change the electronic vote during advance voting with another e-vote or with a vote on a paper ballot. The institution of changing an electronically cast vote is, in the court's assessment, important for ensuring the freedom of elections and therefore necessary for guaranteeing the honesty of elections. No additional or new legal debate on values of constitutional rank has been held since 2005. Different viewpoints have, however, been put forward in the course of political struggle and in social-science and information-technology disputes.

The electoral complaints resolution system can be, and has been, used in Estonia to review the practice of electronic voting. In essence this is the expedited resolution of administrative matters in the constitutional review court. During the ten years in which electronic voting has been conducted in Estonia, complaints of this type have addressed questions of uniformity, secrecy, technical security and procedural certainty on the basis of individual cases. All electoral complaints concerning electronic voting have so far been dismissed because no violations were established, or left unexamined because they did not fall within the court's competence.

Legality and constitutionality can thus be assessed on two levels: abstractly, through the review of the constitutionality of norms, and concretely, in the context of resolving complaints in individual cases. On the first level it can be concluded that a balance has been achieved between technological and procedural solutions to ensure the protection of and adherence to the electoral principles established in the Constitution. On the second level there have so far been no cases with a substantiated indication of a violation of the law, but the need has become clear to organize the electronic voting process in such a way that the proper functioning of the system can be reliably proven in court proceedings as well. This means the need for continuous improvement of electoral administration, the creation of new procedures, their proper documentation, and more. From the standpoint of both judicial review and general public trustworthiness, the continuous development of auditing, testing and verifiability is important.

In answering the second research question, the history of the implementation of electronic voting in Estonia can be divided into three phases. In the first phase, the general political and constitutional debate took place, along with preparation for the first use of the novel voting method. In the second phase, five votes took place, with a gradual rise in the number of e-voters and growth in their share among all voters. In the final years of this phase, when a critical quarter of e-voters out of the total electorate was reached, a second, more thorough legal debate began on increasing transparency and verifiability in the e-voting system. The debate held in the years between elections culminated in more detailed regulation of e-voting in the electoral acts, the extension of procedural norms and the implementation, from the 2013 elections, of a verification option offered to voters. In the third phase we see the application in elections of the verifiability measure used by the voter, moderate growth in the number of voters and the share of e-voters rising to nearly one third of all voters. It is also important to emphasize the structural changes in voting during the advance voting period, where e-voters already make up more than half of all voters who voted during that period. The period between elections that began at the end of the third phase, however, once again ushers in a debate on implementing additional transparency and verifiability, drawing attention to the important connection between the interval between elections and the opportunities for holding discussions.

As for the effects on elections and societal processes, it can be concluded in summary that the increasing effect of electronic voting on overall turnout has been rather modest, playing an important role above all in voting outside Estonia and among voters who may have difficulty getting to a polling station. According to scientific analyses, a process has taken place since 2009 as a result of which it is not possible to distinguish the electronic voter by means of social characteristics. There are no associations with age, gender, place of residence, computer skills, political preference and the like. The only value that clearly, through the years, determines a voter's choice in deciding in favor of e-voting is trust in the e-voting system in use.

Comparison with two countries that have implemented voting over the Internet, Switzerland and Norway, shows that the systems differ with respect to identification, verification and the replacement of the electronic vote (the so-called virtual voting booth). In Estonia, for example, sending the codes necessary for identifying the voter by post would not be conceivable. In implementing e-voting systems it is important to follow rules that are acceptable and trustworthy in each specific country and that fit that country's history and democratic culture.

As stated above, trust in the e-voting system and the conviction that the election administration applies it correctly and lawfully is one of the most important factors on the basis of which voters decide for or against e-voting. For this reason the dissertation discusses a three-pillar model of measures developed by the author on the example of the Estonian e-voting system. The first pillar consists of voters' conviction that the general organization of e-governance and the introduction of new e-solutions are ensured correctly and lawfully. The second pillar consists of voters' trust in the means ensuring electronic identity, in the Estonian case trust in the electronic functions of the ID card and Mobile-ID. The third pillar is the most extensive and comprises the voter's trust in the organization conducting the elections and in the e-voting system used in the elections. More specifically, these are measures covering technical aspects, circumstances arising from the voter's experience, and questions arising from the role of observers. Taken together, the trust-ensuring measures form a conceptual House of Trust, in which all three pillars are of substantial importance for ensuring trust as a whole.

What makes winning and keeping public trust difficult is that even with a flawless organization and technical correctness it is not possible to rule out groundless yet successful attacks on trustworthiness. Effort must therefore also be made so that e-voting not only is honest but also appears honest.

Estonia and other countries too have shown that the introduction of electronic voting over the Internet is possible, taking into account the political and cultural particularities of each country. A thorough, many-sided analysis must be applied and the context characteristic of each country taken into account; only in this way is it possible to achieve a balanced solution that considers the different aspects.


ACKNOWLEDGEMENTS

I am lucky to be part of a complete scientific family, to have a Doktormutter, Professor Dr Ülle Madise, and a Doktorvater, Professor Dr Robert Krimmer. Ülle has been my closest ally and colleague throughout my scientific endeavors, has believed in me in good and not so good times and has simply been a great friend. Her vision and relentless support have always been very inspiring and helped me tremendously in my journey. Thank you!

Robert has been an excellent colleague and visionary in the academic and practical fields. His wide-ranging understanding of the topic, punctuality and great academic sense have been irreplaceable in finalizing this dissertation. Thank you!

I would like to give my special appreciation to the Ragnar Nurkse School for an inspiring and supportive academic environment for my PhD studies. My thanks go to Professor Dr Rainer Kattel, Professor Dr Wolfgang Drechsler, Professor Dr Ringa Raudla, Dr Illimar Ploom and all the faculty and fellow students for meaningful years of study. Special thanks go to Piret Kähr and all her colleagues for creating a support network throughout the studies that actually works. Thank you!

Additionally, my thanks go to Dr Kristjan Vassil and Dr Mihkel Solvak from the University of Tartu, whose passion and energy in the research of Internet Voting have been remarkable and inspiring. Moreover, I would like to thank my BA thesis advisor, Professor emeritus Dr Rein Taagepera, who introduced me to the world of elections and electoral systems and encouraged me to study it further, which gave a push to my academic and professional journey more than ten years ago. Thank you!

Particularly kind thanks for their support and encouragement belong to my dear colleagues at the Estonian electoral organization “kitchen” – Tarvi Martens, Epp Maaten, Mihkel Pilving, Arne Koitmäe, Leino Mandre and Helena Stepanov. Distinctive appreciation has to be given to my supervisors throughout the years – Dr Alo Heinsalu, Aaro Mõttus and Heiki Sibul – who have encouraged me to see further and beyond and have supported me in every instance in achieving my academic goals. Thank you!

Finally, yet importantly, I would like to thank my family and friends. My wonderful wife Kadri and my children Joosep Oliver and Johanna Matilda have always believed in me, supported me and have had my back throughout any difficult times. Thank you!


ORIGINAL PUBLICATIONS

I Priit Vinkel. 2012. “Internet Voting in Estonia.” In P. Laud (ed.). Information Security Technology for Applications: 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, 26-28 October 2011, Revised Selected Papers. Berlin: Springer, 4-12. (1.1)
